Cyberdefense training using a digital twin
The increasing threat of advanced cyberattacks calls for innovative methods to strengthen the cyberdefenses of organizations. This project aims to develop a training platform based on digital twins to simulate realistic attack scenarios. The goal is to train automated defense agents that are capable of suggesting cost-effective defensive strategies based on constrained observations of the targeted system. In this use case, a digital twin acts as a virtual representation of an IT-system environment, which enables simulation of complex network structures, system dependencies and attack vectors.
The project utilizes an attack simulation infrastructure, the MAL-simulator, which has already been developed at KTH. The first part of the project focuses on enriching the simulator with the capability to model the attacker more realistically. This includes developing logic that takes into consideration the attacker's knowledge, skills and preferences. Furthermore, the simulator will be extended with functionality to quantify the consequences of successful attacks, such as costs due to losses for the defender, benefits for the attacker, and costs for defensive actions and operations. Using these extended simulation capabilities, attacker agents will be developed to simulate cyberattacks against virtual IT-system environments. The attack simulations will be used as training data for machine learning, which enables the development of machine learning-based defender agents. These agents will function as expert systems, suggesting cost-effective defensive strategies tailored to specific systems.
The project intends to demonstrate a prototype of a training platform that shows how large amounts of attack simulations, with different attacker profiles, can be used to create and train defense agents. The agents offer capabilities for implementing various defensive strategies and tactics that are optimized for the IT systems they are trained on.